Apple’s iPhone is advertised as a highly secure device, which is why it’s a bit funny when someone easily beats its security shortly after a major new version of iOS is released.

A YouTube video posted last week alleges that it’s possible to bypass the lock screen of an iPhone running iOS 12 without knowing the password, and access both contacts and photos.

The process, discovered by security researcher Jose Rodriguez, is a bit convoluted and requires invoking Siri to enable Voiceover, then sending a text message from another phone to the iPhone. Then, a double-tap at the right moment grants you access to features and commands you shouldn’t be able to access, invisible behind a white screen but still accessible by swiping across the screen. One of these then enables you to access the phone’s contacts, while a more complicated hack (but also doable without any special equipment or expert knowledge) lets you access photos on the phone.

The original video, in Spanish, shows the trick working on what looks like the iPhone 8, but the same technique was recreated on an iPhone XS Max in another (English) video by EverythingApplePro, below. Apparently, the bug is present in iOS 12 (and the iOS 12.1 beta) and works on all Apple devices that can run it.

An attacker would definitely need physical access to the phone and some time with it to perform this hack, so it’s not something that could happen while the iPhone is in your pocket. Furthermore, the trick does not give you complete control of the locked phone. But being able to gain unauthorized access to contacts and photos is a serious security issue on its own.

Naked Security points out that it’s possible to protect your iPhone from this hack by disabling Siri’s lock screen access; the option to do that can be found in Settings > Face ID & Passcode.

Rodriguez has been doing this sort of thing for a while now. I wrote about a similar hack he’s done in iOS 9 back in 2016, but judging by his YouTube channel he’s been cracking the iOS lock screen since iOS 5.1.

We’ve asked Apple about this issue and will update the article when we hear from them.